2 /************************************************************************
3 * MXChange v0.2.1 Start: 06/10/2005 *
4 * =============== Last change: 05/18/2008 *
6 * -------------------------------------------------------------------- *
7 * File : what-sponsor_login.php *
8 * -------------------------------------------------------------------- *
9 * Short description : Login form and password resending for sponsor *
10 * -------------------------------------------------------------------- *
11 * Kurzbeschreibung : Loginformular und Neues Passwort fuer Sponsor *
12 * -------------------------------------------------------------------- *
14 * -------------------------------------------------------------------- *
15 * Copyright (c) 2003 - 2008 by Roland Haeder *
16 * For more information visit: http://www.mxchange.org *
18 * This program is free software. You can redistribute it and/or modify *
19 * it under the terms of the GNU General Public License as published by *
20 * the Free Software Foundation; either version 2 of the License. *
22 * This program is distributed in the hope that it will be useful, *
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
25 * GNU General Public License for more details. *
27 * You should have received a copy of the GNU General Public License *
28 * along with this program; if not, write to the Free Software *
29 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, *
31 ************************************************************************/
33 // Some security stuff...
34 if (ereg(basename(__FILE__), $_SERVER['PHP_SELF']))
36 $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4)."/security.php";
40 // Add description as navigation point
41 ADD_DESCR("guest", basename(__FILE__));
44 if (!empty($HTTP_GET_VARS['mode']))
46 // A "special" mode of the login system was requested
47 switch ($HTTP_GET_VARS['mode'])
49 case "activate" : $MODE = "activate"; break; // Activation link requested
50 case "lost_pass": $MODE = "lost_pass"; break; // Request new password
54 // Check if hash for confirmation of email address is given...
55 if (!empty($HTTP_GET_VARS['hash']))
58 $result = SQL_QUERY_ESC("SELECT id, status, salut, surname, family,
59 company, position, tax_ident,
60 street_nr1, street_nr2, country, zip, city, email, phone, fax, cell,
61 points_amount AS points, last_pay AS pay, last_curr AS curr
62 FROM "._MYSQL_PREFIX."_sponsor_data
63 WHERE hash='%s' AND (status='UNCONFIRMED' OR status='EMAIL')
64 LIMIT 1", array($HTTP_GET_VARS['hash']), __FILE__, __LINE__);
65 if (SQL_NUMROWS($result) == 1)
67 // Sponsor found, load his data...
68 $SPONSOR = SQL_FETCHARRAY($result);
70 // Translate salut and comma
71 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
72 $SPONSOR['points'] = TRANSLATE_COMMA($SPONSOR['points']);
73 $SPONSOR['pay'] = TRANSLATE_COMMA($SPONSOR['pay']);
75 // Unconfirmed account or changed email address?
76 if ($SPONSOR['status'] == "UNCONFIRMED")
78 // Set account to pending
79 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='PENDING'
80 WHERE id='%s' AND hash='%s' AND status='UNCONFIRMED' LIMIT 1",
81 array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
84 if (SQL_AFFECTEDROWS($link) == 1)
86 // Prepare mail and send it to the sponsor
87 $MSG = LOAD_EMAIL_TEMPLATE("sponsor_pending", $SPONSOR);
88 SEND_EMAIL($SPONSOR['email'], SPONSOR_ACCOUNT_PENDING_SUBJ, $MSG);
90 // Send email to admin
91 if (GET_EXT_VERSION("admins") >= "0.4.1")
94 SEND_ADMIN_EMAILS_PRO (ADMIN_NEW_SPONSOR, "admin_sponsor_pending", $SPONSOR);
98 // Send over old system
99 $msg_admin = LOAD_EMAIL_TEMPLATE("admin_sponsor_pending", $SPONSOR);
100 SEND_ADMIN_EMAILS (ADMIN_NEW_SPONSOR, $msg_admin);
103 // Sponsor account set to pending
104 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_PENDING);
108 // Could not unlock account!
109 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_PENDING_FAILED);
112 elseif ($SPONSOR['status'] == "EMAIL")
114 // Changed email adress need to be confirmed
115 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET status='CONFIRMED'
116 WHERE id='%s' AND hash='%s' AND status='EMAIL' LIMIT 1",
117 array(bigintval($SPONSOR['id']), $HTTP_GET_VARS['hash']), __FILE__, __LINE__);
120 if (SQL_AFFECTEDROWS($link) == 1)
122 // Sponsor account is unlocked again
123 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_IS_CONFIRMED_AGAIN);
127 // Could not unlock account!
128 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_EMAIL_FAILED);
133 /// ??? Other status?
134 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_STATUS_FAILED);
140 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACCOUNT_404);
144 SQL_FREERESULT($result);
146 elseif ($MODE == "activate")
148 // Send activation link again
149 if (isset($HTTP_POST_VARS['ok']))
151 // Check submitted data
152 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
155 if (isset($HTTP_POST_VARS['ok']))
158 $result = SQL_QUERY_ESC("SELECT id, hash, status, remote_addr, salut, surname, family, sponsor_created
159 FROM "._MYSQL_PREFIX."_sponsor_data
160 WHERE email='%s' AND (status='UNCONFIRMED' OR status='EMAIL') LIMIT 1",
161 array($HTTP_POST_VARS['email']), __FILE__, __LINE__);
162 if (SQL_NUMROWS($result) == 1)
164 // Unconfirmed sponsor account found so let's load the requested data
165 $SPONSOR = SQL_FETCHARRAY($result);
167 // Translate some data
168 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
169 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
171 // Prepare email and send it to the sponsor
172 if ($SPONSOR['status'] == "UNCONFIRMED")
174 // Unconfirmed accounts
175 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_activate", $SPONSOR);
179 // Confirmed email address
180 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_email", $SPONSOR);
182 SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_ACTIVATION_LINK_SUBJ, $msg_sponsor);
185 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_SENT);
189 // No account found or not UNCONFIRMED
190 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_ACTIVATION_LINK_404);
194 SQL_FREERESULT($result);
199 LOAD_TEMPLATE("guest_sponsor_activate");
202 elseif ($MODE == "lost_pass")
205 if (isset($HTTP_POST_VARS['ok']))
207 // Check submitted data
208 if (empty($HTTP_POST_VARS['email'])) unset($HTTP_POST_VARS['ok']);
211 if (isset($HTTP_POST_VARS['ok']))
214 $result = SQL_QUERY_ESC("SELECT id, hash, remote_addr, salut, surname, family, sponsor_created
215 FROM "._MYSQL_PREFIX."_sponsor_data
216 WHERE email='%s' AND id='%s' AND status='CONFIRMED' LIMIT 1",
217 array($HTTP_POST_VARS['email'], bigintval($HTTP_POST_VARS['id'])), __FILE__, __LINE__);
218 if (SQL_NUMROWS($result) == 1)
220 // Unconfirmed sponsor account found so let's load the requested data
221 $SPONSOR = SQL_FETCHARRAY($result);
223 // Translate some data
224 $SPONSOR['salut'] = TRANSLATE_SEX($SPONSOR['salut']);
225 $SPONSOR['sponsor_created'] = MAKE_DATETIME($SPONSOR['sponsor_created']);
228 $SPONSOR['password'] = GEN_PASS();
230 // Prepare email and send it to the sponsor
231 $msg_sponsor = LOAD_EMAIL_TEMPLATE("sponsor_lost", $SPONSOR);
232 SEND_EMAIL($HTTP_POST_VARS['email'], SPONSOR_LOST_PASSWORD_SUBJ, $msg_sponsor);
235 $result_update = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_sponsor_data SET password='%s'
236 WHERE id='%s' LIMIT 1",
237 array(md5($SPONSOR['password']), bigintval($SPONSOR['id'])), __FILE__, __LINE__);
240 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_SENT);
244 // No account found or not UNCONFIRMED
245 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOST_PASSWORD_404);
249 SQL_FREERESULT($result);
254 LOAD_TEMPLATE("guest_sponsor_lost");
257 elseif (isset($HTTP_POST_VARS['ok']))
259 // Check status and login data ...
260 $result = SQL_QUERY_ESC("SELECT status FROM "._MYSQL_PREFIX."_sponsor_data
261 WHERE id='%s' AND password='%s' LIMIT 1",
262 array(bigintval($HTTP_POST_VARS['sponsorid']), md5($HTTP_POST_VARS['pass'])), __FILE__, __LINE__);
263 if (SQL_NUMROWS($result) == 1)
265 // Okay, first login data check passed, now has he/she an approved (CONFIRMED) account?
266 list($status) = SQL_FETCHROW($result);
267 if ($status == "CONFIRMED")
269 // Calculate cookie lifetime, maybe we have to change this so the admin can setup a
270 // seperate timeout for these two cookies?
271 $life = (time() + $CONFIG['online_timeout']);
273 // Is confirmed so both is fine and we can continue with login procedure
274 $login = ((setcookie("sponsorid" , bigintval($HTTP_POST_VARS['sponsorid']), $life, COOKIE_PATH)) &&
275 (setcookie("sponsorpass", md5($HTTP_POST_VARS['pass']) , $life, COOKIE_PATH)));
279 // Cookie setup successfull so we can forward to sponsor area
280 LOAD_URL(URL."/modules.php?module=sponsor");
284 // Cookie setup failed!
285 LOAD_TEMPLATE("admin_settings_saved", false, SPONSPOR_COOKIE_SETUP_FAILED);
288 // Login formular and other links
289 LOAD_TEMPLATE("guest_sponsor_login");
294 // Status is not fine
295 $eval = "\$content = SPONSOR_LOGIN_FAILED_".strtoupper($status).";";
297 LOAD_TEMPLATE("admin_settings_saved", false, $content);
300 // Login formular and other links
301 LOAD_TEMPLATE("guest_sponsor_login");
306 // Account missing or wrong pass! We shall not find this out for the "hacker folks"...
307 LOAD_TEMPLATE("admin_settings_saved", false, SPONSOR_LOGIN_FAILED_404_WRONG_PASS);
310 // Login formular and other links
311 LOAD_TEMPLATE("guest_sponsor_login");
315 SQL_FREERESULT($result);
319 // Login formular and other links
320 LOAD_TEMPLATE("guest_sponsor_login");